I'm using a microprocessor - PIC32MZ2048efm144 MCU that receives commands encrypted with a specific key, decrypts them and executes the command. The encrypted commands are stored offline, so I cannot just change the key whenever I want. The key is FIXED. The commands are encrypted by a server, and donwloaded by a phone. The phone sends the encrypted commands to the MCU at a later time, when it's not online. The commands are encrypted before the phone communicates them to the MCU, so a session key is not possible.
I am allowed to connect an external encryption / decryption module to the PIC, but then the data will pass decrypted in at least one direction..
The solution brought here: Storing a secure key in an embedded device's memory
uses one-time keys to encrypt, but I need to store a single super-secret key
What My employer requires is for the keys to not be accessible, so physical protection besides the one offered by secure memory modules and the MCU, is not considered.
Assuming no military-grade equipment is used, are there any know solutions you guys know and can recommend?
Thanks in advance!